Page 1 of 2

infiltration in memory

Posted: 11 Dec 2012 09:58
by arcon
Hello, I'd like a check-up after ESET alerts about Win32/Finloski.AA

ComboFix
ComboFix 12-12-07.01 - pitrr 11.12.2012 9:30.3.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2721 [GMT 1:00]
Spuštěný z: c:\users\pitrr\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-11 do 2012-12-11 )))))))))))))))))))))))))))))))
.
.
2012-12-11 08:41 . 2012-12-11 08:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-11 08:41 . 2012-12-11 08:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-11 08:41 . 2012-12-11 08:41 -------- d-----w- c:\users\Danek\AppData\Local\temp
2012-12-11 07:45 . 2012-12-11 07:45 -------- d-----w- c:\programdata\Simply Super Software
2012-12-10 07:35 . 2012-12-10 07:35 -------- d-----w- c:\users\pitrr\AppData\Roaming\dclogs
2012-12-03 16:42 . 2012-12-03 16:42 82816 ----a-w- c:\users\pitrr\AppData\Roaming\pcouffin.sys
2012-12-03 16:42 . 2012-12-03 16:43 -------- d-----w- c:\programdata\VSO
2012-11-30 22:30 . 2012-11-30 22:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-30 22:29 . 2012-11-30 22:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-30 22:22 . 2012-11-30 22:22 -------- d-----w- c:\users\pitrr\.objectdb
2012-11-30 22:22 . 2012-11-30 22:22 -------- d-----w- c:\users\pitrr\AppData\Roaming\VitySoft
2012-11-28 09:38 . 2012-11-29 09:59 -------- d-----w- c:\program files (x86)\Artisteer 4
2012-11-26 11:31 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2012-11-26 11:31 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-26 11:31 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-26 11:31 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-26 11:23 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-26 11:23 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-26 11:23 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-26 11:23 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-26 11:23 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-26 11:23 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-26 11:23 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-26 11:21 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-26 11:21 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-26 11:14 . 2012-11-26 11:15 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-11-24 18:34 . 2012-11-24 18:34 -------- d-----w- C:\help
2012-11-24 18:33 . 2012-11-24 18:34 -------- d-----w- c:\program files (x86)\Activision
2012-11-24 11:15 . 2012-11-24 11:15 -------- d-----w- c:\users\Danek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-11-23 23:09 . 2012-11-23 23:09 -------- d-----w- c:\program files (x86)\Artisteer 3
2012-11-21 13:02 . 2012-11-22 00:43 165112 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-11-20 08:10 . 2012-11-20 08:10 -------- d-----w- c:\users\Danek\AppData\Local\Microsoft Games
2012-11-19 12:31 . 2012-11-19 12:31 -------- d-----w- c:\users\pitrr\VirtualBox VMs
2012-11-19 12:14 . 2012-12-09 21:15 -------- d-----w- c:\users\pitrr\.VirtualBox
2012-11-19 12:13 . 2012-10-26 18:01 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-11-19 12:13 . 2012-10-26 17:59 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-11-19 12:12 . 2012-11-19 12:12 -------- d-----w- c:\program files\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-30 22:29 . 2012-06-16 12:35 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-11-30 22:29 . 2011-04-18 18:05 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-19 13:35 . 2012-04-04 10:19 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-19 13:35 . 2011-05-21 16:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-09 08:35 . 2012-11-09 08:35 272480 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-10-26 18:00 . 2012-10-26 18:00 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-26 17:59 . 2012-10-26 17:59 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-10-26 17:59 . 2012-10-26 17:59 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-10-26 17:59 . 2012-10-26 17:59 105816 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2011-04-15 17:50 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2011-09-19 12:00 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-03-15 14:29 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-08 07:21 . 2012-10-08 07:21 64072 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2012-10-08 07:21 . 2012-10-08 07:21 59440 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2012-10-08 07:21 . 2012-10-08 07:21 189208 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-10-08 07:21 . 2012-10-08 07:21 149592 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-10-08 07:21 . 2012-10-08 07:21 211344 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-10-02 19:51 . 2011-01-07 18:49 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-01-07 18:50 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-01-07 18:49 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2011-01-07 18:49 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-01-07 18:49 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-01-07 18:49 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-14 19:19 . 2012-10-12 19:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-12 19:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-08-11 2920448]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2011-01-12 101888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R0 sptd;sptd; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-10-27 36328]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-09-09 21712]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-10-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-10-27 146920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-10-26 105816]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 X6va005;X6va005;c:\users\pitrr\AppData\Local\Temp\00535F0.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 64072]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-26 237400]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-10-26 119640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-10-23 1329304]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 131416]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 146264]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [2009-10-21 474240]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:35]
.
2012-12-11 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-10-14 16:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-10-23 6325424]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.mojebanka.cz/InternetBanking/?L=CS
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\pitrr\AppData\Roaming\Mozilla\Firefox\Profiles\6lsa4t5g.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-WYSIWYG_Web_Builder_7 - c:\windows\iun6002.exe
.
.
Binary file temp00 matches
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\pitrr\AppData\Local\Temp\00535F0.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3407526889-4199893139-733595983-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,2b,47,7d,f1,4e,bb,45,6b,dd,5d,d4,9f,52,a2,05,44,81,9b,27,54,
28,5c,e5,4a,f7,b4,3e,c7,ec,3b,1e,d2,c7,b8,68,cb,c7,fa,e4,22,26,7e,a7,60,b3,\
"rkeysecu"=hex:ab,49,45,3f,36,92,e8,16,aa,81,77,93,f7,98,7d,e5
.
[HKEY_USERS\S-1-5-21-3407526889-4199893139-733595983-1000_Classes\Wow6432Node\CLSID\{52886ae5-2524-4242-8a54-244ae1e79601}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e4
"Therad"=dword:0000001b
.
[HKEY_USERS\S-1-5-21-3407526889-4199893139-733595983-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):07,c4,40,26,b7,5e,10,83,b3,66,de,b6,bd,bd,2e,1e,4d,d0,8a,17,1a,
c0,14,0e,3f,e8,ce,95,f5,06,e8,60,83,92,28,49,6c,1b,3f,60,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3407526889-4199893139-733595983-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):09,5a,d3,c0,09,f7,97,0e,a1,73,24,50,82,13,8a,1d,36,f9,12,e8,cc,
67,1f,3c,ef,a7,87,f1,04,32,92,1e,7c,08,f7,2b,72,96,b0,0d,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3407526889-4199893139-733595983-1000_Classes\Wow6432Node\CLSID\{f0dcc163-df88-4e51-8b07-d07371194a64}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a0
"Therad"=dword:0000001d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-12-11 09:43:48
ComboFix-quarantined-files.txt 2012-12-11 08:43
ComboFix2.txt 2012-12-10 11:49
.
Před spuštěním: Volných bajtů: 116 244 729 856
Po spuštění: Volných bajtů: 116 161 691 648
.
- - End Of File - - 145E5496C3A9C287AEC5E621C969708D

Re: infiltration in memory

Posted: 11 Dec 2012 11:38
by vyosek
Hello :)

:arrow: As for ComboFix, based on its licence and the forum rules I have to ask: do you know how to work with it (running it, deciphering the log, writing a script)?

:arrow: The licence terms are clear: "It should never be used in an environment without the supervision of an experienced person"

:arrow: The dangers of CF
  • It is intended primarily for helpers - by using it on your own you lose your claim to support
  • It erases the traces of the malware, so nothing is visible in the RSIT log
  • Its log has to be worked through afterwards, because it cannot delete everything - and you can hardly manage that unless you have been trained for it
  • CF can have a bug = it takes your system down; if you don't know where it stores what and how to restore it, your system is toast and a reinstall awaits you
  • Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - those are what some types of malware (e.g. angela) go after - it deletes your hal.dll after the restart = your system won't boot and you are back at the line above = reinstall

Re: infiltration in memory

Posted: 11 Dec 2012 11:56
by arcon
Hello
1. no
2. OK
so what next

Re: infiltration in memory

Posted: 11 Dec 2012 13:13
by vyosek
:arrow: Download MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Save it, preferably to the desktop
  • If you use Windows Vista or 7, right-click MBRScan and choose Run As Administrator (Spustit jako správce)
  • Click Report
  • After a moment a log appears in the file MBRScan.txt; paste it here
:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the Change parameters option
  • In the Additional options window tick all the options
  • Click OK
  • Tell the utility to scan - click Start Scan
  • After the scan finishes a window appears; check that the option is Skip everywhere
  • If Skip is not set by default, switch it to Skip
  • If you have Skip everywhere, click Continue
  • On the drive where Windows is (usually c:\) there will be a log named TDSSKiller.<some numbers>_log.txt - paste its contents here
:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and unpack it
  • Run it by clicking mbar
  • Now click Next and then Update
  • After the database update finishes, click Next again
  • Leave all three options ticked and click Scan, which starts the scan of the PC
  • After the scan finishes (about 5 minutes) check that all detections (if there are any, of course) are ticked
  • Also check that Create Restore point is ticked
  • Now click Cleanup, which removes the found infection
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) mbar-log-year-month-day (hour-minute-second).txt; post it here

Re: infiltration in memory

Posted: 12 Dec 2012 08:20
by arcon
Good day, I didn't manage it yesterday; sending the logs
thank you
Malwarebytes
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.12.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
pitrr :: PITRR-PC [administrator]

12.12.2012 8:03:14
mbar-log-2012-12-12 (08-03-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 34317
Time elapsed: 17 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\pitrr\AppData\Roaming\dclogs (Stolen.Data) -> Delete on reboot.

Files Detected: 1
C:\Users\pitrr\AppData\Roaming\dclogs\2012-12-10-2.dc (Stolen.Data) -> Delete on reboot.

(end)

Re: infiltration in memory

Posted: 12 Dec 2012 08:21
by arcon
MBRScan


MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2012/12/11 (ISO 8601) at 13:18:43
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST3200826A (3.03)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR1 __WDC WD50 00AAKX-001CA (15.0)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk2\DR2 __WDC WD32 00KS-00PFB0 (21.0)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	186.3 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : 74D5208BFD436034C27A7B8457FBFBDE
MBR_SHA1  : 8BFD1A5B07CBC3B80D0E7FDE7555AA97EE595D7E

Device\Harddisk0\Partition1	186.3 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

Device\Harddisk1\DR1	465.8 Go  [Fixed] ==> 7 MBR Code .

MBR_MD5   : 953A0AF4A800BF68DA6915774B0479B3
MBR_SHA1  : 6D38414AC98FEA1CC01A5937B7A23D75B970917C

Device\Harddisk1\Partition1	100.0 Mo  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk1\Partition2	465.7 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk2\DR2	298.1 Go  [Fixed] ==> XP MBR Code .

MBR_MD5   : 7D58EE76A5803B284F6D17138DF0C009
MBR_SHA1  : 7BCD193F3DC021576EBA95701AC8589BA7FCC6F5

Device\Harddisk2\Partition1	298.1 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x03606000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BBF000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_AuthenticAMD.dll => Invisible on the disk
ADDRESS : 0x00C94000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00CB5000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00D13000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E1B000
SIZE    : 776.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00EDD000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00EED000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00F44000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00F4D000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00F57000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00F64000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00F97000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00FAC000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\system32\drivers\pciide.sys => Invisible on the disk
ADDRESS : 0x00FC1000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x00FC8000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00FD8000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\vmbus.sys => Invisible on the disk
ADDRESS : 0x010DB000
SIZE    : 240.0 Ko

DRIVER  : C:\Windows\system32\drivers\winhv.sys => Invisible on the disk
ADDRESS : 0x01117000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x0112B000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x01134000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\drivers\nvstor.sys => Invisible on the disk
ADDRESS : 0x0115E000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\system32\drivers\storport.sys => Invisible on the disk
ADDRESS : 0x01189000
SIZE    : 396.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x011EC000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x0104C000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0125A000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01060000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x014C3000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01535000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x01546000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01682000
SIZE    : 968.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01774000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x017D4000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01863000
SIZE    : 2.00 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01A64000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\epfwwfp.sys => Invisible on the disk
ADDRESS : 0x01AAE000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x01AC4000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01AD4000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01B20000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\snapman.sys => Invisible on the disk
ADDRESS : 0x01B28000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01B6D000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\NBVol.sys => Invisible on the disk
ADDRESS : 0x01BA7000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\NBVolUp.sys => Invisible on the disk
ADDRESS : 0x01BBD000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01BC6000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01BD8000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x0183A000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x01550000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\eamonm.sys => Invisible on the disk
ADDRESS : 0x040BE000
SIZE    : 912.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x041A2000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x041AB000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ehdrv.sys => Invisible on the disk
ADDRESS : 0x041B2000
SIZE    : 164.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x041DB000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x04000000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x04025000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x04035000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x0403E000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x04047000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x04050000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x0405B000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x0406C000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x0408E000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x0157A000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x0409B000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x040A6000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x0165B000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\EpfwLWF.sys => Invisible on the disk
ADDRESS : 0x041E9000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x040AF000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk
ADDRESS : 0x015BF000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x015DC000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\VBoxUSBMon.sys => Invisible on the disk
ADDRESS : 0x01489000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\VBoxDrv.sys => Invisible on the disk
ADDRESS : 0x0121B000
SIZE    : 252.0 Ko

DRIVER  : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x014AD000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x0444C000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x0449D000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x044A9000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x044B4000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x044C3000
SIZE    : 524.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x04546000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x04564000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x04575000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\amdppm.sys => Invisible on the disk
ADDRESS : 0x0459B000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk
ADDRESS : 0x045B0000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\parport.sys => Invisible on the disk
ADDRESS : 0x045BC000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x045D9000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x04400000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbohci.sys => Invisible on the disk
ADDRESS : 0x0440F000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x0429D000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x042F3000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\drivers\1394ohci.sys => Invisible on the disk
ADDRESS : 0x04304000
SIZE    : 248.0 Ko

DRIVER  : C:\Windows\system32\drivers\wfeaglxt.sys => Invisible on the disk
ADDRESS : 0x04342000
SIZE    : 464.0 Ko

DRIVER  : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x043B6000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\drivers\BdaSup.SYS => Invisible on the disk
ADDRESS : 0x043F9000
SIZE    : 16.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x04200000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x04206000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nvmf6264.sys => Invisible on the disk
ADDRESS : 0x0422A000
SIZE    : 340.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk
ADDRESS : 0x0F206000
SIZE    : 12.95 Mo

DRIVER  : C:\Windows\System32\Drivers\nvBridge.kmd => Invisible on the disk
ADDRESS : 0x0FEFA000
SIZE    : 20.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x0FEFF000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x04ECD000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x04F13000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x04F23000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x04F39000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x04F5D000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x04F69000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x04F98000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x04FB3000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x04FD4000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\VBoxNetAdp.sys => Invisible on the disk
ADDRESS : 0x04E00000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x04E27000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x04E32000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\VBoxNetFlt.sys => Invisible on the disk
ADDRESS : 0x04E41000
SIZE    : 160.0 Ko

DRIVER  : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x04E69000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\MarvinBus64.sys => Invisible on the disk
ADDRESS : 0x04E6B000
SIZE    : 272.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x04EAF000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x04C42000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x04C9C000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x0580A000
SIZE    : 2.41 Mo

DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x05A74000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x05AB1000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x05AD3000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_diskdump.sys => Invisible on the disk
ADDRESS : 0x05AE1000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_nvstor.sys => Invisible on the disk
ADDRESS : 0x05AEB000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x05B16000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbprint.sys => Invisible on the disk
ADDRESS : 0x05B29000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x05B35000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x05B37000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00030000
SIZE    : 3.09 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x05B54000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x05B60000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x05B6E000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x05B87000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdhid.sys => Invisible on the disk
ADDRESS : 0x05B90000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x05B9E000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x05BAB000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00480000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00660000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x05BB9000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x05BDC000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\epfw.sys => Invisible on the disk
ADDRESS : 0x04CB1000
SIZE    : 200.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x04CE3000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x04CF8000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x04D10000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x04DD9000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x04C00000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x0441A000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x068F4000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x06942000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\idmwfp.sys => Invisible on the disk
ADDRESS : 0x06966000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x06800000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x068A6000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x068B1000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x068E2000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x06991000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x06C2D000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x06CC5000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x06D18000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\asyncmac.sys => Invisible on the disk
ADDRESS : 0x06D9C000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\MSPQM.sys => Invisible on the disk
ADDRESS : 0x06DA7000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x48270000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.м.|.À.ؾ.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A D3 A0 F7 0A 00 00 80 01   em...c{.Ó.÷.....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 82 DD 49 17 00 00   ...þ..?....ÝI...
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

_______MBR   \Device\Harddisk1\DR1  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.м.|.À.ؾ.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A 87 A5 D8 E9 00 00 80 20   em...c{..¥Øé... 
0x000001C0   21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF   !..ß....... ...ß
0x000001D0   14 0C 07 FE FF FF 00 28 03 00 00 30 35 3A 00 00   ...þ...(...05:..
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

_______MBR   \Device\Harddisk2\DR2  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C   2ä.V.Í.ëÖaùÃNepl
0x00000130   61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64   atn. tabulka odd
0x00000140   A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61   ¡l..Chyba pýi na
0x00000150   9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68   .¡t.n¡ opera.n¡h
0x00000160   6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F   o syst.mu.Opera.
0x00000170   6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65   n¡ syst.m nenale
0x00000180   7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00   zen.............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 F2 0E 00 34 DF C1 FD 00 00 80 20   .....ò..4ßÁý... 
0x000001C0   28 00 07 34 64 81 07 08 00 00 F9 D7 42 25 00 00   (..4d.....ù×B%..
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

Re: infiltration in memory

Posted: 12 Dec 2012 08:22
by arcon
Tdsskiller
13:20:30.0178 3240 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:20:32.0183 3240 ============================================================
13:20:32.0183 3240 Current date / time: 2012/12/11 13:20:32.0183
13:20:32.0183 3240 SystemInfo:
13:20:32.0183 3240
13:20:32.0183 3240 OS Version: 6.1.7601 ServicePack: 1.0
13:20:32.0183 3240 Product type: Workstation
13:20:32.0183 3240 ComputerName: PITRR-PC
13:20:32.0184 3240 UserName: pitrr
13:20:32.0184 3240 Windows directory: C:\Windows
13:20:32.0184 3240 System windows directory: C:\Windows
13:20:32.0184 3240 Running under WOW64
13:20:32.0184 3240 Processor architecture: Intel x64
13:20:32.0184 3240 Number of processors: 3
13:20:32.0184 3240 Page size: 0x1000
13:20:32.0184 3240 Boot type: Normal boot
13:20:32.0184 3240 ============================================================
13:20:33.0432 3240 Drive \Device\Harddisk0\DR0 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:20:33.0436 3240 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:20:33.0460 3240 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:20:33.0464 3240 ============================================================
13:20:33.0465 3240 \Device\Harddisk0\DR0:
13:20:33.0465 3240 MBR partitions:
13:20:33.0465 3240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82
13:20:33.0465 3240 \Device\Harddisk1\DR1:
13:20:33.0465 3240 MBR partitions:
13:20:33.0465 3240 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:20:33.0465 3240 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
13:20:33.0465 3240 \Device\Harddisk2\DR2:
13:20:33.0465 3240 MBR partitions:
13:20:33.0465 3240 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x807, BlocksNum 0x2542D7F9
13:20:33.0465 3240 ============================================================
13:20:33.0498 3240 C: <-> \Device\Harddisk1\DR1\Partition2
13:20:33.0540 3240 E: <-> \Device\Harddisk2\DR2\Partition1
13:20:33.0563 3240 D: <-> \Device\Harddisk0\DR0\Partition1
13:20:33.0564 3240 ============================================================
13:20:33.0564 3240 Initialize success
13:20:33.0564 3240 ============================================================
13:21:07.0063 3280 ============================================================
13:21:07.0063 3280 Scan started
13:21:07.0063 3280 Mode: Manual; SigCheck; TDLFS;
13:21:07.0063 3280 ============================================================
13:21:07.0531 3280 ================ Scan system memory ========================
13:21:07.0531 3280 System memory - ok
13:21:07.0532 3280 ================ Scan services =============================
13:21:07.0740 3280 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:21:07.0810 3280 1394ohci - ok
13:21:07.0877 3280 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
13:21:07.0904 3280 ACDaemon - ok
13:21:07.0949 3280 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:21:07.0963 3280 ACPI - ok
13:21:08.0002 3280 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:21:08.0067 3280 AcpiPmi - ok
13:21:08.0154 3280 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:21:08.0163 3280 AdobeARMservice - ok
13:21:08.0254 3280 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:21:08.0264 3280 AdobeFlashPlayerUpdateSvc - ok
13:21:08.0301 3280 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:21:08.0346 3280 adp94xx - ok
13:21:08.0353 3280 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:21:08.0388 3280 adpahci - ok
13:21:08.0400 3280 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:21:08.0413 3280 adpu320 - ok
13:21:08.0483 3280 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:21:08.0613 3280 AeLookupSvc - ok
13:21:08.0653 3280 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:21:08.0701 3280 AFD - ok
13:21:08.0741 3280 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:21:08.0774 3280 agp440 - ok
13:21:08.0804 3280 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:21:08.0914 3280 ALG - ok
13:21:08.0938 3280 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:21:08.0989 3280 aliide - ok
13:21:09.0009 3280 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:21:09.0056 3280 amdide - ok
13:21:09.0088 3280 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:21:09.0246 3280 AmdK8 - ok
13:21:09.0266 3280 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:21:09.0337 3280 AmdPPM - ok
13:21:09.0386 3280 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:21:09.0460 3280 amdsata - ok
13:21:09.0511 3280 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:21:09.0577 3280 amdsbs - ok
13:21:09.0599 3280 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:21:09.0636 3280 amdxata - ok
13:21:09.0679 3280 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
13:21:09.0738 3280 androidusb - ok
13:21:09.0812 3280 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:21:10.0448 3280 AppID - ok
13:21:10.0510 3280 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:21:10.0551 3280 AppIDSvc - ok
13:21:10.0596 3280 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:21:10.0703 3280 Appinfo - ok
13:21:10.0785 3280 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
13:21:10.0835 3280 AppMgmt - ok
13:21:10.0908 3280 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:21:10.0972 3280 arc - ok
13:21:10.0999 3280 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:21:11.0016 3280 arcsas - ok
13:21:11.0213 3280 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:21:11.0254 3280 aspnet_state - ok
13:21:11.0357 3280 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:21:11.0482 3280 AsyncMac - ok
13:21:11.0552 3280 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:21:11.0582 3280 atapi - ok
13:21:11.0944 3280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:21:12.0018 3280 AudioEndpointBuilder - ok
13:21:12.0092 3280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:21:12.0137 3280 AudioSrv - ok
13:21:12.0221 3280 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:21:12.0330 3280 AxInstSV - ok
13:21:12.0394 3280 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:21:12.0419 3280 b06bdrv - ok
13:21:12.0445 3280 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:21:12.0507 3280 b57nd60a - ok
13:21:12.0582 3280 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:21:12.0606 3280 BDESVC - ok
13:21:12.0626 3280 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:21:12.0662 3280 Beep - ok
13:21:12.0706 3280 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:21:12.0754 3280 BFE - ok
13:21:12.0824 3280 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
13:21:12.0875 3280 BITS - ok
13:21:12.0924 3280 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:21:12.0945 3280 blbdrive - ok
13:21:12.0999 3280 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
13:21:13.0009 3280 Bonjour Service - ok
13:21:13.0041 3280 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:21:13.0093 3280 bowser - ok
13:21:13.0112 3280 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:21:13.0162 3280 BrFiltLo - ok
13:21:13.0186 3280 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:21:13.0198 3280 BrFiltUp - ok
13:21:13.0203 3280 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:21:13.0251 3280 BridgeMP - ok
13:21:13.0330 3280 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:21:13.0352 3280 Browser - ok
13:21:13.0369 3280 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:21:13.0406 3280 Brserid - ok
13:21:13.0420 3280 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:21:13.0457 3280 BrSerWdm - ok
13:21:13.0476 3280 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:21:13.0511 3280 BrUsbMdm - ok
13:21:13.0570 3280 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:21:13.0593 3280 BrUsbSer - ok
13:21:13.0640 3280 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
13:21:13.0692 3280 BthEnum - ok
13:21:13.0734 3280 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:21:13.0766 3280 BTHMODEM - ok
13:21:13.0820 3280 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
13:21:13.0834 3280 BthPan - ok
13:21:13.0996 3280 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
13:21:14.0126 3280 BTHPORT - ok
13:21:14.0448 3280 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:21:14.0532 3280 bthserv - ok
13:21:14.0712 3280 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
13:21:14.0804 3280 BTHUSB - ok
13:21:14.0871 3280 catchme - ok
13:21:15.0057 3280 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:21:15.0128 3280 cdfs - ok
13:21:15.0238 3280 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:21:15.0309 3280 cdrom - ok
13:21:15.0771 3280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:21:15.0866 3280 CertPropSvc - ok
13:21:16.0033 3280 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:21:16.0098 3280 circlass - ok
13:21:16.0345 3280 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:21:16.0389 3280 CLFS - ok
13:21:16.0477 3280 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:21:16.0486 3280 clr_optimization_v2.0.50727_32 - ok
13:21:16.0549 3280 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:21:16.0558 3280 clr_optimization_v2.0.50727_64 - ok
13:21:16.0657 3280 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:21:16.0665 3280 clr_optimization_v4.0.30319_32 - ok
13:21:16.0673 3280 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:21:16.0687 3280 clr_optimization_v4.0.30319_64 - ok
13:21:16.0712 3280 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:21:16.0743 3280 CmBatt - ok
13:21:16.0783 3280 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:21:16.0802 3280 cmdide - ok
13:21:16.0874 3280 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
13:21:16.0923 3280 CNG - ok
13:21:16.0927 3280 COMMONFX.DLL - ok
13:21:16.0936 3280 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:21:16.0956 3280 Compbatt - ok
13:21:16.0993 3280 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:21:17.0018 3280 CompositeBus - ok
13:21:17.0057 3280 COMSysApp - ok
13:21:17.0062 3280 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:21:17.0072 3280 crcdisk - ok
13:21:17.0119 3280 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:21:17.0146 3280 CryptSvc - ok
13:21:17.0206 3280 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
13:21:17.0251 3280 CSC - ok
13:21:17.0338 3280 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
13:21:17.0368 3280 CscService - ok
13:21:17.0372 3280 ctac32k - ok
13:21:17.0377 3280 CTAUDFX.DLL - ok
13:21:17.0381 3280 CTEAPSFX.DLL - ok
13:21:17.0386 3280 CTEDSPFX.DLL - ok
13:21:17.0390 3280 CTEDSPIO.DLL - ok
13:21:17.0394 3280 CTEDSPSY.DLL - ok
13:21:17.0398 3280 ctprxy2k - ok
13:21:17.0403 3280 CTSBLFX.DLL - ok
13:21:17.0407 3280 ctsfm2k - ok
13:21:17.0482 3280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:21:17.0524 3280 DcomLaunch - ok
13:21:17.0546 3280 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:21:17.0591 3280 defragsvc - ok
13:21:17.0633 3280 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:21:17.0671 3280 DfsC - ok
13:21:17.0674 3280 dgderdrv - ok
13:21:17.0736 3280 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:21:17.0766 3280 Dhcp - ok
13:21:17.0785 3280 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:21:17.0812 3280 discache - ok
13:21:17.0850 3280 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:21:17.0871 3280 Disk - ok
13:21:17.0933 3280 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:21:17.0945 3280 Dnscache - ok
13:21:18.0018 3280 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:21:18.0064 3280 dot3svc - ok
13:21:18.0112 3280 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:21:18.0153 3280 DPS - ok
13:21:18.0175 3280 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:21:18.0205 3280 drmkaud - ok
13:21:18.0285 3280 [ 1ED08A6264C5C92099D6D1DAE5E8F530 ] DrvAgent64 C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
13:21:18.0294 3280 DrvAgent64 - ok
13:21:18.0351 3280 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:21:18.0381 3280 DXGKrnl - ok
13:21:18.0384 3280 EagleX64 - ok
13:21:18.0428 3280 [ 4337B4BF0F65B12A67D15CE868125B8F ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
13:21:18.0442 3280 eamonm - ok
13:21:18.0467 3280 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:21:18.0508 3280 EapHost - ok
13:21:18.0565 3280 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:21:18.0664 3280 ebdrv - ok
13:21:18.0719 3280 [ EAD87F4C50ACFC045C56E035C7BF01F9 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
13:21:18.0740 3280 ehdrv - ok
13:21:18.0777 3280 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:21:18.0808 3280 ehRecvr - ok
13:21:18.0837 3280 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:21:18.0849 3280 ehSched - ok
13:21:18.0996 3280 [ 8C58315E956AF0B888C06746494AD81E ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
13:21:19.0019 3280 ekrn - ok
13:21:19.0047 3280 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:21:19.0066 3280 elxstor - ok
13:21:19.0085 3280 emupia - ok
13:21:19.0120 3280 [ 3B4383348DCEFF4572891C03C555BFAB ] epfw C:\Windows\system32\DRIVERS\epfw.sys
13:21:19.0132 3280 epfw - ok
13:21:19.0145 3280 [ E8A79AD0A29E9162C78CFC544836AD86 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
13:21:19.0173 3280 EpfwLWF - ok
13:21:19.0195 3280 [ 04209B964D807E9A8A42DC2B3DD42E43 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
13:21:19.0214 3280 epfwwfp - ok
13:21:19.0252 3280 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:21:19.0272 3280 ErrDev - ok
13:21:19.0351 3280 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:21:19.0391 3280 EventSystem - ok
13:21:19.0474 3280 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:21:19.0539 3280 exfat - ok
13:21:19.0575 3280 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:21:19.0637 3280 fastfat - ok
13:21:19.0682 3280 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:21:19.0713 3280 Fax - ok
13:21:19.0730 3280 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:21:19.0761 3280 fdc - ok
13:21:19.0812 3280 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:21:19.0853 3280 fdPHost - ok
13:21:19.0870 3280 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:21:19.0911 3280 FDResPub - ok
13:21:19.0941 3280 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:21:19.0961 3280 FileInfo - ok
13:21:19.0965 3280 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:21:20.0018 3280 Filetrace - ok
13:21:20.0033 3280 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:21:20.0044 3280 flpydisk - ok
13:21:20.0101 3280 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:21:20.0144 3280 FltMgr - ok
13:21:20.0227 3280 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:21:20.0278 3280 FontCache - ok
13:21:20.0416 3280 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:21:20.0423 3280 FontCache3.0.0.0 - ok
13:21:20.0444 3280 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:21:20.0464 3280 FsDepends - ok
13:21:20.0515 3280 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:21:20.0534 3280 Fs_Rec - ok
13:21:20.0576 3280 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:21:20.0590 3280 fvevol - ok
13:21:20.0608 3280 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:21:20.0647 3280 gagp30kx - ok
13:21:20.0715 3280 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:21:20.0764 3280 gpsvc - ok
13:21:20.0768 3280 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:21:20.0781 3280 hcw85cir - ok
13:21:20.0838 3280 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:21:20.0865 3280 HdAudAddService - ok
13:21:20.0881 3280 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:21:20.0909 3280 HDAudBus - ok
13:21:20.0924 3280 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:21:20.0962 3280 HidBatt - ok
13:21:20.0980 3280 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:21:21.0015 3280 HidBth - ok
13:21:21.0033 3280 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:21:21.0078 3280 HidIr - ok
13:21:21.0144 3280 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
13:21:21.0184 3280 hidserv - ok
13:21:21.0224 3280 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:21:21.0244 3280 HidUsb - ok
13:21:21.0281 3280 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:21:21.0325 3280 hkmsvc - ok
13:21:21.0385 3280 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:21:21.0400 3280 HomeGroupListener - ok
13:21:21.0450 3280 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:21:21.0473 3280 HomeGroupProvider - ok
13:21:21.0536 3280 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:21:21.0547 3280 HpSAMD - ok
13:21:21.0600 3280 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:21:21.0645 3280 HTTP - ok
13:21:21.0685 3280 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:21:21.0694 3280 hwpolicy - ok
13:21:21.0742 3280 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:21:21.0764 3280 i8042prt - ok
13:21:21.0806 3280 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:21:21.0841 3280 iaStorV - ok
13:21:21.0886 3280 [ 3CBC834892B5E04CE635BB60FB0EE6FF ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
13:21:21.0898 3280 IDMWFP - ok
13:21:22.0051 3280 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:21:22.0056 3280 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:21:22.0056 3280 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:21:22.0112 3280 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:21:22.0133 3280 idsvc - ok
13:21:22.0172 3280 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:21:22.0182 3280 iirsp - ok
13:21:22.0252 3280 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:21:22.0289 3280 IKEEXT - ok
13:21:22.0387 3280 [ DAB7318CCFA8081200D5B7B486793F74 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:21:22.0487 3280 IntcAzAudAddService - ok
13:21:22.0526 3280 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:21:22.0536 3280 intelide - ok
13:21:22.0555 3280 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:21:22.0590 3280 intelppm - ok
13:21:22.0615 3280 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:21:22.0652 3280 IPBusEnum - ok
13:21:22.0693 3280 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:21:22.0733 3280 IpFilterDriver - ok
13:21:22.0795 3280 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:21:22.0851 3280 iphlpsvc - ok
13:21:22.0900 3280 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:21:22.0927 3280 IPMIDRV - ok
13:21:22.0955 3280 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:21:23.0003 3280 IPNAT - ok
13:21:23.0016 3280 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:21:23.0073 3280 IRENUM - ok
13:21:23.0110 3280 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:21:23.0130 3280 isapnp - ok
13:21:23.0175 3280 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:21:23.0201 3280 iScsiPrt - ok
13:21:23.0213 3280 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:21:23.0224 3280 kbdclass - ok
13:21:23.0265 3280 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:21:23.0296 3280 kbdhid - ok
13:21:23.0342 3280 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:21:23.0353 3280 KSecDD - ok
13:21:23.0391 3280 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:21:23.0403 3280 KSecPkg - ok
13:21:23.0424 3280 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:21:23.0472 3280 ksthunk - ok
13:21:23.0522 3280 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:21:23.0561 3280 KtmRm - ok
13:21:23.0603 3280 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:21:23.0645 3280 LanmanServer - ok
13:21:23.0682 3280 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:21:23.0710 3280 LanmanWorkstation - ok
13:21:23.0722 3280 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:21:23.0775 3280 lltdio - ok
13:21:23.0806 3280 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:21:23.0848 3280 lltdsvc - ok
13:21:23.0862 3280 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:21:23.0890 3280 lmhosts - ok
13:21:23.0912 3280 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:21:23.0933 3280 LSI_FC - ok
13:21:23.0944 3280 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:21:23.0964 3280 LSI_SAS - ok
13:21:23.0975 3280 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:21:23.0995 3280 LSI_SAS2 - ok
13:21:24.0009 3280 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:21:24.0030 3280 LSI_SCSI - ok
13:21:24.0043 3280 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:21:24.0083 3280 luafv - ok
13:21:24.0120 3280 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys
13:21:24.0157 3280 MarvinBus - ok
13:21:24.0197 3280 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:21:24.0222 3280 Mcx2Svc - ok
13:21:24.0240 3280 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:21:24.0269 3280 megasas - ok
13:21:24.0289 3280 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:21:24.0323 3280 MegaSR - ok
13:21:24.0407 3280 Microsoft SharePoint Workspace Audit Service - ok
13:21:24.0459 3280 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:21:24.0501 3280 MMCSS - ok
13:21:24.0514 3280 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:21:24.0553 3280 Modem - ok
13:21:24.0575 3280 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:21:24.0601 3280 monitor - ok
13:21:24.0617 3280 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:21:24.0628 3280 mouclass - ok
13:21:24.0639 3280 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:21:24.0650 3280 mouhid - ok
13:21:24.0692 3280 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:21:24.0702 3280 mountmgr - ok
13:21:24.0759 3280 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:21:24.0768 3280 MozillaMaintenance - ok
13:21:24.0787 3280 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:21:24.0802 3280 mpio - ok
13:21:24.0814 3280 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:21:24.0860 3280 mpsdrv - ok
13:21:24.0926 3280 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:21:24.0962 3280 MpsSvc - ok
13:21:25.0003 3280 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:21:25.0028 3280 MRxDAV - ok
13:21:25.0069 3280 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:21:25.0111 3280 mrxsmb - ok
13:21:25.0155 3280 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:21:25.0207 3280 mrxsmb10 - ok
13:21:25.0228 3280 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:21:25.0250 3280 mrxsmb20 - ok
13:21:25.0301 3280 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:21:25.0320 3280 msahci - ok
13:21:25.0361 3280 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:21:25.0383 3280 msdsm - ok
13:21:25.0422 3280 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:21:25.0451 3280 MSDTC - ok
13:21:25.0483 3280 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:21:25.0510 3280 Msfs - ok
13:21:25.0524 3280 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:21:25.0562 3280 mshidkmdf - ok
13:21:25.0609 3280 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:21:25.0629 3280 msisadrv - ok
13:21:25.0684 3280 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:21:25.0713 3280 MSiSCSI - ok
13:21:25.0716 3280 msiserver - ok
13:21:25.0721 3280 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:21:25.0763 3280 MSKSSRV - ok
13:21:25.0778 3280 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:21:25.0804 3280 MSPCLOCK - ok
13:21:25.0816 3280 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:21:25.0855 3280 MSPQM - ok
13:21:25.0893 3280 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:21:25.0908 3280 MsRPC - ok
13:21:25.0968 3280 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:21:25.0977 3280 mssmbios - ok
13:21:25.0989 3280 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:21:26.0017 3280 MSTEE - ok
13:21:26.0033 3280 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:21:26.0043 3280 MTConfig - ok
13:21:26.0061 3280 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:21:26.0081 3280 Mup - ok
13:21:26.0135 3280 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:21:26.0177 3280 napagent - ok
13:21:26.0198 3280 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:21:26.0224 3280 NativeWifiP - ok
13:21:26.0328 3280 [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
13:21:26.0344 3280 NAUpdate - ok
13:21:26.0388 3280 [ 7B2D90BBBBED11C8DFBA441D34AE901E ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys
13:21:26.0408 3280 NBVol - ok
13:21:26.0421 3280 [ 4FE7B5757279D82C4D171E9F7FD52A75 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys
13:21:26.0438 3280 NBVolUp - ok
13:21:26.0494 3280 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:21:26.0523 3280 NDIS - ok
13:21:26.0540 3280 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:21:26.0578 3280 NdisCap - ok
13:21:26.0582 3280 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:21:26.0618 3280 NdisTapi - ok
13:21:26.0656 3280 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:21:26.0683 3280 Ndisuio - ok
13:21:26.0725 3280 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:21:26.0776 3280 NdisWan - ok
13:21:26.0821 3280 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:21:26.0882 3280 NDProxy - ok
13:21:26.0899 3280 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:21:26.0947 3280 NetBIOS - ok
13:21:26.0989 3280 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:21:27.0031 3280 NetBT - ok
13:21:27.0081 3280 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:21:27.0106 3280 Netlogon - ok
13:21:27.0137 3280 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:21:27.0185 3280 Netman - ok
13:21:27.0284 3280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:21:27.0313 3280 NetMsmqActivator - ok
13:21:27.0316 3280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:21:27.0324 3280 NetPipeActivator - ok
13:21:27.0354 3280 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:21:27.0397 3280 netprofm - ok
13:21:27.0401 3280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:21:27.0409 3280 NetTcpActivator - ok
13:21:27.0413 3280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:21:27.0422 3280 NetTcpPortSharing - ok
13:21:27.0449 3280 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:21:27.0479 3280 nfrd960 - ok
13:21:27.0504 3280 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:21:27.0519 3280 NlaSvc - ok
13:21:27.0586 3280 [ FF4D73B16EA3A32D34CEB3A7BC3C3773 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
13:21:27.0599 3280 NMIndexingService - ok
13:21:27.0609 3280 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:21:27.0663 3280 Npfs - ok
13:21:27.0692 3280 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:21:27.0731 3280 nsi - ok
13:21:27.0743 3280 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:21:27.0770 3280 nsiproxy - ok
13:21:27.0840 3280 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:21:28.0290 3280 Ntfs - ok
13:21:28.0316 3280 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:21:28.0352 3280 Null - ok
13:21:28.0381 3280 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
13:21:28.0430 3280 NVENETFD - ok
13:21:28.0648 3280 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:21:28.0952 3280 nvlddmkm - ok
13:21:28.0985 3280 [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
13:21:29.0000 3280 NVNET - ok
13:21:29.0019 3280 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:21:29.0044 3280 nvraid - ok
13:21:29.0084 3280 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:21:29.0094 3280 nvstor - ok
13:21:29.0135 3280 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] NVSvc C:\Windows\system32\nvvsvc.exe
13:21:29.0157 3280 NVSvc - ok
13:21:29.0214 3280 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:21:29.0236 3280 nvUpdatusService - ok
13:21:29.0277 3280 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:21:29.0298 3280 nv_agp - ok
13:21:29.0412 3280 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:21:29.0426 3280 odserv - ok
13:21:29.0460 3280 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:21:29.0481 3280 ohci1394 - ok
13:21:29.0513 3280 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:21:29.0523 3280 ose - ok
13:21:29.0563 3280 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:21:29.0572 3280 ose64 - ok
13:21:29.0687 3280 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:21:29.0775 3280 osppsvc - ok
13:21:29.0780 3280 ossrv - ok
13:21:29.0807 3280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:21:29.0834 3280 p2pimsvc - ok
13:21:29.0856 3280 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:21:29.0872 3280 p2psvc - ok
13:21:29.0905 3280 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:21:29.0926 3280 Parport - ok
13:21:29.0976 3280 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:21:29.0996 3280 partmgr - ok
13:21:30.0009 3280 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:21:30.0038 3280 PcaSvc - ok
13:21:30.0087 3280 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:21:30.0131 3280 pci - ok
13:21:30.0138 3280 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:21:30.0157 3280 pciide - ok
13:21:30.0175 3280 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:21:30.0209 3280 pcmcia - ok
13:21:30.0213 3280 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:21:30.0234 3280 pcw - ok
13:21:30.0259 3280 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:21:30.0331 3280 PEAUTH - ok
13:21:30.0373 3280 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:21:30.0426 3280 PeerDistSvc - ok
13:21:30.0507 3280 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:21:30.0527 3280 PerfHost - ok
13:21:30.0585 3280 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:21:30.0652 3280 pla - ok
13:21:30.0683 3280 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:21:30.0698 3280 PlugPlay - ok
13:21:30.0721 3280 PnkBstrA - ok
13:21:30.0759 3280 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:21:30.0770 3280 PNRPAutoReg - ok
13:21:30.0783 3280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:21:30.0794 3280 PNRPsvc - ok
13:21:30.0813 3280 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:21:30.0855 3280 PolicyAgent - ok
13:21:30.0875 3280 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:21:30.0915 3280 Power - ok
13:21:30.0953 3280 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:21:31.0009 3280 PptpMiniport - ok
13:21:31.0022 3280 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:21:31.0051 3280 Processor - ok
13:21:31.0094 3280 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:21:31.0123 3280 ProfSvc - ok
13:21:31.0139 3280 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:21:31.0149 3280 ProtectedStorage - ok
13:21:31.0194 3280 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:21:31.0232 3280 Psched - ok
13:21:31.0273 3280 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:21:31.0316 3280 ql2300 - ok
13:21:31.0330 3280 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:21:31.0342 3280 ql40xx - ok
13:21:31.0365 3280 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:21:31.0382 3280 QWAVE - ok
13:21:31.0402 3280 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:21:31.0426 3280 QWAVEdrv - ok
13:21:31.0482 3280 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
13:21:31.0494 3280 RapiMgr - ok
13:21:31.0507 3280 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:21:31.0544 3280 RasAcd - ok
13:21:31.0568 3280 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:21:31.0595 3280 RasAgileVpn - ok
13:21:31.0606 3280 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:21:31.0643 3280 RasAuto - ok
13:21:31.0686 3280 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:21:31.0763 3280 Rasl2tp - ok
13:21:31.0807 3280 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:21:31.0838 3280 RasMan - ok
13:21:31.0855 3280 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:21:31.0894 3280 RasPppoe - ok
13:21:31.0898 3280 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:21:31.0943 3280 RasSstp - ok
13:21:31.0987 3280 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:21:32.0028 3280 rdbss - ok
13:21:32.0042 3280 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:21:32.0074 3280 rdpbus - ok
13:21:32.0083 3280 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:21:32.0109 3280 RDPCDD - ok
13:21:32.0158 3280 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:21:32.0206 3280 RDPDR - ok
13:21:32.0219 3280 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:21:32.0245 3280 RDPENCDD - ok
13:21:32.0256 3280 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:21:32.0291 3280 RDPREFMP - ok
13:21:32.0333 3280 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:21:32.0361 3280 RdpVideoMiniport - ok
13:21:32.0399 3280 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:21:32.0439 3280 RDPWD - ok
13:21:32.0481 3280 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:21:32.0495 3280 rdyboost - ok
13:21:32.0543 3280 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:21:32.0582 3280 RemoteAccess - ok
13:21:32.0649 3280 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:21:32.0690 3280 RemoteRegistry - ok
13:21:32.0744 3280 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:21:32.0780 3280 RFCOMM - ok
13:21:32.0803 3280 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:21:32.0842 3280 RpcEptMapper - ok
13:21:32.0879 3280 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:21:32.0889 3280 RpcLocator - ok
13:21:32.0933 3280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:21:32.0962 3280 RpcSs - ok
13:21:32.0985 3280 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:21:33.0035 3280 rspndr - ok
13:21:33.0069 3280 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:21:33.0079 3280 s3cap - ok
13:21:33.0089 3280 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:21:33.0098 3280 SamSs - ok
13:21:33.0141 3280 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:21:33.0162 3280 sbp2port - ok
13:21:33.0177 3280 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:21:33.0216 3280 SCardSvr - ok
13:21:33.0260 3280 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:21:33.0293 3280 scfilter - ok
13:21:33.0349 3280 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:21:33.0401 3280 Schedule - ok
13:21:33.0438 3280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:21:33.0462 3280 SCPolicySvc - ok
13:21:33.0504 3280 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:21:33.0531 3280 SDRSVC - ok
13:21:33.0556 3280 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:21:33.0606 3280 secdrv - ok
13:21:33.0650 3280 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:21:33.0676 3280 seclogon - ok
13:21:33.0702 3280 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
13:21:33.0730 3280 SENS - ok
13:21:33.0741 3280 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:21:33.0752 3280 SensrSvc - ok
13:21:33.0766 3280 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:21:33.0787 3280 Serenum - ok
13:21:33.0804 3280 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:21:33.0851 3280 Serial - ok
13:21:33.0888 3280 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:21:33.0922 3280 sermouse - ok
13:21:33.0967 3280 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:21:34.0004 3280 SessionEnv - ok
13:21:34.0051 3280 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:21:34.0088 3280 sffdisk - ok
13:21:34.0099 3280 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:21:34.0129 3280 sffp_mmc - ok
13:21:34.0147 3280 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:21:34.0167 3280 sffp_sd - ok
13:21:34.0187 3280 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:21:34.0217 3280 sfloppy - ok
13:21:34.0243 3280 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:21:34.0275 3280 SharedAccess - ok
13:21:34.0380 3280 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:21:34.0446 3280 ShellHWDetection - ok
13:21:34.0549 3280 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:21:34.0630 3280 SiSRaid2 - ok
13:21:34.0654 3280 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:21:34.0674 3280 SiSRaid4 - ok
13:21:34.0685 3280 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:21:34.0713 3280 Smb - ok
13:21:34.0759 3280 [ B2AA7562BA5858633FCDCD246E8D6730 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
13:21:34.0792 3280 snapman - ok
13:21:34.0824 3280 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:21:34.0852 3280 SNMPTRAP - ok
13:21:34.0867 3280 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:21:34.0886 3280 spldr - ok
13:21:34.0939 3280 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:21:34.0971 3280 Spooler - ok
13:21:35.0055 3280 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:21:35.0158 3280 sppsvc - ok
13:21:35.0200 3280 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:21:35.0240 3280 sppuinotify - ok
13:21:35.0240 3280 ================ Scan global ===============================
13:21:35.0311 3280 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:21:35.0352 3280 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:21:35.0360 3280 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:21:35.0373 3280 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:21:35.0403 3280 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:21:35.0408 3280 [Global] - ok
13:21:35.0408 3280 ================ Scan MBR ==================================
13:21:35.0422 3280 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:21:35.0662 3280 \Device\Harddisk0\DR0 - ok
13:21:35.0671 3280 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:21:35.0922 3280 \Device\Harddisk1\DR1 - ok
13:21:35.0924 3280 [ C833E5FF8FCEDB2845BFA3880123195F ] \Device\Harddisk2\DR2
13:21:35.0992 3280 \Device\Harddisk2\DR2 - ok
13:21:35.0992 3280 ================ Scan VBR ==================================
13:21:35.0994 3280 [ 6A379AAF59E673F6F92E8EBE72EC5532 ] \Device\Harddisk0\DR0\Partition1
13:21:35.0995 3280 \Device\Harddisk0\DR0\Partition1 - ok
13:21:35.0999 3280 [ 2D9996B68BEDDF86B606F6A0F805C46C ] \Device\Harddisk1\DR1\Partition1
13:21:36.0000 3280 \Device\Harddisk1\DR1\Partition1 - ok
13:21:36.0029 3280 [ 664D19DB728792F1A7B78B5D340E475B ] \Device\Harddisk1\DR1\Partition2
13:21:36.0031 3280 \Device\Harddisk1\DR1\Partition2 - ok
13:21:36.0033 3280 [ 935CBA04A4416F70BD7BCBD23902B028 ] \Device\Harddisk2\DR2\Partition1
13:21:36.0035 3280 \Device\Harddisk2\DR2\Partition1 - ok
13:21:36.0035 3280 ============================================================
13:21:36.0035 3280 Scan finished
13:21:36.0035 3280 ============================================================
13:21:36.0046 1900 Detected object count: 1
13:21:36.0046 1900 Actual detected object count: 1
13:22:11.0815 1900 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:11.0815 1900 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

Re: infiltration in memory

Posted: 12 Dec 2012 10:02
by vyosek
:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and unpack it
  • Run it by clicking mbar
  • Now click Next and then Update
  • After the database update finishes, click Next again
  • Leave all three options ticked and click Scan, which starts scanning the PC
  • After the scan finishes (about 5 minutes), check that all findings (if there are any) are ticked
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection that was found
  • The PC will be restarted
  • The mbar folder should contain a log (it will probably open by itself) mbar-log-year-month-day (hour-minute-second).txt; post it here

Re: infiltration in memory

Posted: 12 Dec 2012 10:19
by arcon
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
pitrr :: PITRR-PC [administrator]

12.12.2012 10:18:36
mbar-log-2012-12-12 (10-18-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 34321
Time elapsed: 13 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: infiltration in memory

Posted: 12 Dec 2012 10:35
by vyosek
:arrow: If it is not there already, move ComboFix to the Desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    
    File::
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\AutoKMS.job
    c:\windows\AutoKMS\AutoKMS.exe
    c:\users\pitrr\AppData\Local\Temp\00535F0.tmp
    c:\windows\SysWOW64\Drivers\X6va008.sys
    
    Folder::
    c:\windows\SysWOW64\Drivers\X6va008
    
    Driver::
    X6va005
    X6va008
    
    RegNull::
    [HKEY_USERS\S-1-5-21-3407526889-4199893139-733595983-1000\Software\SecuROM\License information*]
    
    RegLock::
    [HKEY_USERS\S-1-5-21-3407526889-4199893139-733595983-1000_Classes\Wow6432Node\CLSID\{52886ae5-2524-4242-8a54-244ae1e79601}]
    [HKEY_USERS\S-1-5-21-3407526889-4199893139-733595983-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    [HKEY_USERS\S-1-5-21-3407526889-4199893139-733595983-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    [HKEY_USERS\S-1-5-21-3407526889-4199893139-733595983-1000_Classes\Wow6432Node\CLSID\{f0dcc163-df88-4e51-8b07-d07371194a64}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the picture below)
    Image
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF, which the author unfortunately cannot fix yet

:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: infiltration in memory

Posted: 12 Dec 2012 11:12
by arcon
ComboFix 12-12-10.01 - pitrr 12.12.2012 10:49:34.4.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2451 [GMT 1:00]
Spuštěný z: c:\users\pitrr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\pitrr\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\pitrr\AppData\Local\Temp\00535F0.tmp"
"c:\windows\AutoKMS\AutoKMS.exe"
"c:\windows\SysWOW64\Drivers\X6va008.sys"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\AutoKMS.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Legacy_X6VA008
-------\Service_X6va005
-------\Service_X6va008
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-12 do 2012-12-12 )))))))))))))))))))))))))))))))
.
.
2012-12-12 10:04 . 2012-12-12 10:04 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-12-12 10:04 . 2012-12-12 10:04 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-12-12 10:04 . 2012-12-12 10:04 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-12-12 10:03 . 2012-12-12 10:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-12 10:03 . 2012-12-12 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-12 10:03 . 2012-12-12 10:03 -------- d-----w- c:\users\Danek\AppData\Local\temp
2012-12-12 08:48 . 2012-12-12 08:48 -------- d-----w- c:\programdata\Kaspersky Lab
2012-12-12 08:41 . 2012-12-12 08:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-11 12:26 . 2012-12-11 12:26 -------- d-----w- c:\programdata\Malwarebytes
2012-12-11 09:24 . 2012-12-11 09:24 -------- d-----w- c:\users\pitrr\AppData\Roaming\f-secure
2012-12-11 09:24 . 2012-12-11 09:24 -------- d-----w- c:\programdata\F-Secure
2012-12-11 07:45 . 2012-12-11 07:45 -------- d-----w- c:\programdata\Simply Super Software
2012-12-03 16:42 . 2012-12-03 16:42 82816 ----a-w- c:\users\pitrr\AppData\Roaming\pcouffin.sys
2012-12-03 16:42 . 2012-12-03 16:43 -------- d-----w- c:\programdata\VSO
2012-11-30 22:30 . 2012-11-30 22:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-30 22:29 . 2012-11-30 22:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-30 22:22 . 2012-11-30 22:22 -------- d-----w- c:\users\pitrr\.objectdb
2012-11-30 22:22 . 2012-11-30 22:22 -------- d-----w- c:\users\pitrr\AppData\Roaming\VitySoft
2012-11-28 09:38 . 2012-11-29 09:59 -------- d-----w- c:\program files (x86)\Artisteer 4
2012-11-26 11:31 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2012-11-26 11:31 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-26 11:31 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-26 11:31 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-26 11:23 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-26 11:23 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-26 11:23 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-26 11:23 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-26 11:23 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-26 11:23 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-26 11:23 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-26 11:21 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-26 11:21 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-26 11:14 . 2012-11-26 11:15 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-11-24 18:34 . 2012-11-24 18:34 -------- d-----w- C:\help
2012-11-24 18:33 . 2012-11-24 18:34 -------- d-----w- c:\program files (x86)\Activision
2012-11-24 11:15 . 2012-11-24 11:15 -------- d-----w- c:\users\Danek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-11-23 23:09 . 2012-11-23 23:09 -------- d-----w- c:\program files (x86)\Artisteer 3
2012-11-21 13:02 . 2012-11-22 00:43 165112 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-11-20 08:10 . 2012-11-20 08:10 -------- d-----w- c:\users\Danek\AppData\Local\Microsoft Games
2012-11-19 12:31 . 2012-11-19 12:31 -------- d-----w- c:\users\pitrr\VirtualBox VMs
2012-11-19 12:14 . 2012-12-09 21:15 -------- d-----w- c:\users\pitrr\.VirtualBox
2012-11-19 12:13 . 2012-10-26 18:01 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-11-19 12:13 . 2012-10-26 17:59 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-11-19 12:12 . 2012-11-19 12:12 -------- d-----w- c:\program files\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-30 22:29 . 2012-06-16 12:35 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-11-30 22:29 . 2011-04-18 18:05 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-19 13:35 . 2012-04-04 10:19 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-19 13:35 . 2011-05-21 16:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-09 08:35 . 2012-11-09 08:35 272480 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-10-26 18:00 . 2012-10-26 18:00 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-26 17:59 . 2012-10-26 17:59 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-10-26 17:59 . 2012-10-26 17:59 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-10-26 17:59 . 2012-10-26 17:59 105816 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2012-10-16 08:38 . 2012-12-11 09:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-11 09:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-11 09:44 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2011-04-15 17:50 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2009-07-13 21:59 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2011-09-19 12:00 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-03-15 14:29 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-08 07:21 . 2012-10-08 07:21 64072 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2012-10-08 07:21 . 2012-10-08 07:21 59440 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2012-10-08 07:21 . 2012-10-08 07:21 189208 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-10-08 07:21 . 2012-10-08 07:21 149592 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-10-08 07:21 . 2012-10-08 07:21 211344 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-10-02 19:51 . 2011-01-07 18:49 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-01-07 18:50 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-01-07 18:49 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2011-01-07 18:49 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-01-07 18:49 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-01-07 18:49 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-14 19:19 . 2012-10-12 19:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-12 19:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-08-11 2920448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2011-01-12 101888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R0 sptd;sptd; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-10-27 36328]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-09-09 21712]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-10-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-10-27 146920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-10-26 105816]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 64072]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 59440]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-26 237400]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-10-26 119640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-10-23 1329304]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 131416]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 146264]
S3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [2009-10-21 474240]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:35]
.
2012-12-12 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-10-14 16:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-10-23 6325424]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.mojebanka.cz/InternetBanking/?L=CS
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\pitrr\AppData\Roaming\Mozilla\Firefox\Profiles\6lsa4t5g.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-34054177.sys
AddRemove-WYSIWYG_Web_Builder_7 - c:\windows\iun6002.exe
.
.
Binary file temp00 matches
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3407526889-4199893139-733595983-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):09,5a,d3,c0,09,f7,97,0e,a1,73,24,50,82,13,8a,1d,36,f9,12,e8,cc,
67,1f,3c,ef,a7,87,f1,04,32,92,1e,7c,08,f7,2b,72,96,b0,0d,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2012-12-12 11:10:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-12 10:10
ComboFix2.txt 2012-12-11 08:43
ComboFix3.txt 2012-12-10 11:49
.
Před spuštěním: Volných bajtů: 122 662 809 600
Po spuštění: Volných bajtů: 122 509 168 640
.
- - End Of File - - 74ABD51A6FF2FA4B33642E2A1C0097E2

Re: infiltration in memory

Posted: 12 Dec 2012 11:17
by vyosek
How is the PC behaving :???:

Re: infiltration in memory

Posted: 12 Dec 2012 11:20
by arcon
OK, thanks a lot, you're a real pro
what kind of beast was it?

Re: infiltration in memory

Posted: 12 Dec 2012 11:22
by vyosek
Now let's clean up :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice press A, Enter
  • Delete the utility after use
  • Antiviruses tend to wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (if necessary, turn the antivirus off while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner tab
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry tab
  • click Scan for Issues
  • then Fix Issues - I recommend making the registry backup; fix all issues
  • repeat the procedure until there are no issues - usually about 3 times
Tools tab
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: This was rootkit-type vermin; I recommend changing your passwords

:arrow: And if there are no problems or questions, that is all from my side :|

Re: infiltration in memory

Posted: 12 Dec 2012 11:58
by arcon
everything cleaned up and the PC is OK
thanks again
have a nice day